Technical Field
The present invention relates to the field of network security technology, and in particular to a system security detection method, device, electronic device and storage medium.
Background Art
Computer system network security mainly covers the security of information assets such as the hardware, software and data in the system. Systems developed for business objects inevitably carry some vulnerability information, which can easily become the target of network attackers, and the security of the system determines whether it can operate safely and reliably. To prevent operating failures caused by sudden network information security incidents, vulnerability detection of the system has become one of the feasible measures.
In the course of making the present invention, the inventors found that most system security detection tools currently on the market use vulnerability scanning, which mainly performs passive defensive detection of security problems while the system is in use by users. Moreover, because this kind of detection relies on a single data source and cannot obtain the characteristics of the target system in advance, it is difficult to detect the security status of the system comprehensively and accurately.
Summary of the Invention
In view of this, the embodiments of the present invention provide a system security detection method, device, electronic device and storage medium, which can implement active security detection of a system so that its security status can be detected more comprehensively and accurately.
To achieve the above object of the invention, the following technical solution is adopted:
In a first aspect, an embodiment of the present invention provides a system security detection method, which includes the steps of: obtaining vulnerability information of a system to be detected; generating a corresponding first attack strategy according to the vulnerability information; calling the first attack strategy to automatically attack the system to be detected so as to simulate an intrusion attack environment; and determining the security status of the system to be detected according to the obtained attack results.
In combination with the first aspect, in a first implementation of the first aspect, the vulnerability information includes: software vulnerabilities, hardware vulnerabilities and network communication data vulnerabilities.
In combination with the first aspect and the first implementation of the first aspect, in a second implementation of the first aspect, generating the corresponding first attack strategy according to the vulnerability information includes:
matching and querying an attack strategy library according to the vulnerability information to obtain the first attack strategy, where the attack strategy library stores at least a mapping relationship between the vulnerability information of the system to be detected and the first attack strategy.
In combination with the first aspect and the first and second implementations of the first aspect, in a third implementation of the first aspect, obtaining the vulnerability information of the system to be detected includes: collecting data information on the software, hardware and network communication of the system to be detected; classifying the data information according to the software, hardware and network communication dimensions to obtain target analysis data information; extracting vulnerability detection features from the target analysis data information; and analyzing the vulnerability detection features to obtain the corresponding vulnerability information.
In combination with the first aspect and the first, second and third implementations of the first aspect, in a fourth implementation of the first aspect, the vulnerability detection features include: IP address, domain name, port, URL, API entry path, database connection entry, login entry, file upload entry, operating system version, middleware version, database version, network device version, credential information and/or weak passwords.
In combination with the first aspect and the first, second, third and fourth implementations of the first aspect, in a fifth implementation of the first aspect, the first attack strategy includes attack tactics, techniques and procedures; and calling the first attack strategy to automatically attack the system to be detected so as to simulate an intrusion attack environment includes: determining the target information assets of the system to be detected and the corresponding vulnerability information; and, according to the attack tactics and techniques and based on the vulnerability information, carrying out the attack procedure against the target information assets to simulate an intrusion attack environment.
In a second aspect, an embodiment of the present invention further provides a system security detection device, which includes: an acquisition program module for obtaining vulnerability information of a system to be detected; a generation program module for generating a corresponding first attack strategy according to the vulnerability information; an intrusion simulation program module for calling the first attack strategy to automatically attack the system to be detected so as to simulate an intrusion attack environment; and a determination program module for determining the security status of the system to be detected according to the obtained attack results.
In a third aspect, an embodiment of the present invention provides an electronic device comprising: one or more processors; and a memory in which one or more executable programs are stored, where the one or more processors read the executable program code stored in the memory and run the program corresponding to that code, so as to execute any of the methods described in the first aspect.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium storing one or more programs that can be executed by one or more processors to implement any of the methods described in the first aspect.
The system security detection method, device, electronic device and storage medium provided in the embodiments of the present invention obtain vulnerability information of the system to be detected; generate a corresponding first attack strategy according to the vulnerability information; call the first attack strategy to automatically attack the system to be detected so as to simulate an intrusion attack environment; and determine the security status of the system to be detected according to the obtained attack results. For each type of business system, the corresponding attack strategy is determined from the characteristics of that system's vulnerability information, an attack is carried out according to that strategy to simulate an intrusion attack environment, active security detection is thereby performed on the system, and the security status of the business system is determined by evaluating the attack results. This makes it easier to detect the security status of the system comprehensively and accurately.
Brief Description of the Drawings
In order to illustrate the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings required for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
FIG. 1 is a flow chart of an embodiment of the system security detection method of the present invention;
FIG. 2 is a flow chart of another embodiment of the system security detection method of the present invention;
FIG. 3 is a flow chart of yet another embodiment of the system security detection method of the present invention;
FIG. 4 is a schematic block diagram of the architecture of an embodiment of the system security detection device of the present invention;
FIG. 5 is a schematic block diagram of the architecture of another embodiment of the system security detection device of the present invention;
FIG. 6 is a schematic block diagram of the architecture of yet another embodiment of the system security detection device of the present invention;
FIG. 7 is a schematic structural diagram of an embodiment of the electronic device of the present invention.
Detailed Description
The embodiments of the present invention are described in detail below with reference to the accompanying drawings.
It should be clear that the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
To help understand the innovative point of the technical solutions of the embodiments of the present invention, the existing system security detection methods are briefly introduced as follows:
At present, to prevent sudden network information security incidents from affecting the safe and reliable operation of business systems, many scanning-based security detection tools have appeared. However, such scanning-based vulnerability detection tools have a single data source and a single analysis method, and because they often cannot obtain accurate and comprehensive vulnerability information about the target system, they cannot judge the security status of the system comprehensively and accurately enough, especially with regard to latent security problems.
In addition, the detection results for newly developed business systems are even less accurate, and security testing (also known as penetration testing) cannot be performed before a new business system is put into use.
To solve the above technical problems, the system security detection method provided in the embodiments of the present invention starts from the perspective of active defense and performs reverse security detection based on a simulated threat attack environment: having first obtained the vulnerability information of the entire system, it determines the corresponding intrusion attack strategy according to that vulnerability information, simulates the attacker's intrusion attack environment, obtains the attack results, and from those results evaluates the security status of the system comprehensively and accurately.
The system security detection method provided in the embodiments of the present invention can be applied to security status detection and intrusion penetration testing of all kinds of functional business systems, in order to detect the security status of a system. It should be noted that the method can be embodied in software within a manufactured product, as a system security detection model, so that the method flow of the present application is reproduced when a user uses that product.
FIG. 1 is a flow chart of an embodiment of the system security detection method of the present invention. Referring to FIG. 1, the method of this embodiment can be applied to intrusion penetration testing during the development stage of a business system, and also to active defensive security analysis of a business system, so as to improve the security of the business system's assets to a certain extent. The method may include:
Step 110: obtain vulnerability information of the system to be detected.
The vulnerability information may include: software vulnerabilities, hardware vulnerabilities and network communication data vulnerabilities.
Step 120: generate a corresponding first attack strategy according to the vulnerability information.
The first attack strategy can be stored in an attack strategy library, and each distinct attack strategy can be reused: once the vulnerability information of a system to be detected has been determined, the first attack strategy stored in the attack strategy library can be called directly for the next simulation of an intrusion attack environment, which improves the efficiency of system security detection.
Step 130: call the first attack strategy to automatically attack the system to be detected so as to simulate an intrusion attack environment.
In this embodiment, after the first attack strategy corresponding to the system to be detected has been determined, the first attack strategy can be used to carry out an automatic attack so as to simulate an intrusion attack environment.
Unlike existing system security detection technology, which performs passive defensive detection against real threats or attack environments, the intrusion attack environment in the present application is a simulated one, so a clear attack range, time and target can be set, and no substantive harm is done to the system.
Step 140: determine the security status of the system to be detected according to the obtained attack results.
In this embodiment, once the attack results have been obtained, the security status of the system can be analyzed comprehensively and accurately from those results, and a security analysis report can also be produced.
The system security detection method provided in the embodiment of the present invention can, for each type of business system, determine the corresponding attack strategy from the characteristics of that system's vulnerability information, carry out an attack according to that strategy to simulate an intrusion attack environment, thereby perform active security detection on the system, and determine the security status of the business system by evaluating the attack results. This makes it easier to detect the security status of the system comprehensively and accurately.
Specifically, after step 140, the method further includes step 150: based on the security analysis report, remediating the security vulnerabilities and other types of security problems in the system, so as to improve the security of the business system.
In this embodiment, the vulnerability information of the business system itself is comprehensively obtained in advance, the corresponding attack strategy is determined from it, and an intrusion attack environment is then simulated according to that strategy so that the system can be detected from an active defense standpoint. In this way, whether the system is already in service or has not yet been released, it can be comprehensively and effectively tested in several respects, including stability and security, so that its security can be detected comprehensively and accurately and then actively defended, improving the security of the system.
In some embodiments, a mapping relationship can be established between the collected vulnerability database (i.e., the vulnerability information library) and attack strategies such as attack tactics, techniques (means) and procedures, so as to construct an attack strategy library. Referring to FIG. 2, specifically, generating the corresponding first attack strategy according to the vulnerability information (step 120) includes: step 120', matching and querying the attack strategy library according to the vulnerability information to obtain the first attack strategy, where the attack strategy library stores at least the mapping relationship between the vulnerability information of the system to be detected and the first attack strategy. This provides a way of automatically determining the corresponding attack strategy from the vulnerability information of the system, which improves the efficiency of system security detection.
Referring to FIG. 3, in some embodiments, obtaining the vulnerability information of the system to be detected (step 110) includes: step 111, collecting data information on the software, hardware and network communication of the system to be detected;
In this embodiment, different types of vulnerability scanning tools, for example host vulnerability scanners, network vulnerability scanners and data vulnerability scanners, can be used to scan and collect data information on the software, hardware and network communication of the system.
Step 112, classifying the data information according to the software, hardware and network communication dimensions to obtain target analysis data information; step 113, extracting vulnerability detection features from the target analysis data information; and step 114, analyzing the vulnerability detection features to obtain the corresponding vulnerability information.
The vulnerability detection features may include: IP address, domain name, port, URL, API entry path, database connection entry, login entry, file upload entry, operating system version, middleware version, database version, network device version, credential information and/or weak passwords, among others.
The vulnerability detection features vary with the information asset in which the vulnerability exists; for example, the features for an information asset that is a file differ from those for an information asset that is a web page.
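Steps 111 to 114 as an added, self-contained example (illustrative code, not the patent's own implementation): raw scan records are collected, classified by the software, hardware and network communication dimensions, reduced to the vulnerability detection features listed above, and analyzed into vulnerability information. The scan records, the version baseline, the weak-password list and the cleartext-port table are all constructed for illustration and are assumptions of the example.

```python
"""Steps 111-114: collect, classify, extract features, analyse.
All scan records, baselines and lists below are constructed samples."""
from collections import defaultdict

# Constructed raw data information, as host/network/data scanners might
# report it (step 111). Each record is tagged with its dimension.
RAW_SCAN_RECORDS = [
    {"dimension": "software", "asset": "web-01", "operating_system_version": "ubuntu 18.04",
     "middleware_version": "nginx 1.14.0", "login_entry": "/admin/login",
     "file_upload_entry": "/upload", "api_entry_path": "/api/v1"},
    {"dimension": "hardware", "asset": "sw-core", "network_device_version": "fw 2.1.3"},
    {"dimension": "network", "asset": "web-01", "ip_address": "10.0.0.5",
     "port": 23, "url": "http://10.0.0.5:8080/"},
    {"dimension": "network", "asset": "db-01", "ip_address": "10.0.0.9", "port": 3306,
     "database_version": "mysql 5.5.62", "credential": ("root", "123456")},
]

# The vulnerability detection features named in the method; other keys are ignored.
FEATURE_KEYS = {
    "ip_address", "domain_name", "port", "url", "api_entry_path",
    "database_connection_entry", "login_entry", "file_upload_entry",
    "operating_system_version", "middleware_version", "database_version",
    "network_device_version", "credential",
}
# Constructed baseline: the oldest version still considered acceptable per product.
MIN_VERSION = {"ubuntu": (20, 4), "nginx": (1, 20, 0), "mysql": (8, 0, 0), "fw": (2, 2, 0)}
WEAK_PASSWORDS = {"123456", "password", "admin", "root"}  # constructed list
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http"}   # constructed table


def classify(records):
    """Step 112: group raw records by the software/hardware/network dimension."""
    grouped = defaultdict(list)
    for rec in records:
        grouped[rec["dimension"]].append(rec)
    return grouped


def extract_features(grouped):
    """Step 113: keep only the vulnerability detection features, tagged by asset."""
    features = []
    for dimension, recs in grouped.items():
        for rec in recs:
            for key, value in rec.items():
                if key in FEATURE_KEYS:
                    features.append((rec["asset"], dimension, key, value))
    return features


def parse_version(text):
    """'nginx 1.14.0' -> ('nginx', (1, 14, 0)); non-numeric parts are dropped."""
    name, _, ver = text.partition(" ")
    parts = tuple(int(p) for p in ver.split(".") if p.isdigit())
    return name, parts


def analyse(features):
    """Step 114: turn features into vulnerability information (asset, dimension, feature, finding)."""
    findings = []
    for asset, dimension, key, value in features:
        if key.endswith("_version"):
            product, ver = parse_version(value)
            if product in MIN_VERSION and ver < MIN_VERSION[product]:
                findings.append((asset, dimension, key, f"{value} below baseline"))
        elif key == "port" and value in CLEARTEXT_PORTS:
            findings.append((asset, dimension, key, f"cleartext service {CLEARTEXT_PORTS[value]}"))
        elif key == "url" and value.startswith("http://"):
            findings.append((asset, dimension, key, "unencrypted transport"))
        elif key == "credential":
            user, password = value
            if password in WEAK_PASSWORDS or len(password) < 8:
                findings.append((asset, dimension, key, f"weak password for {user}"))
    return findings


def acquire_vulnerability_info(records=RAW_SCAN_RECORDS):
    """Step 110 end to end: the vulnerability information of the system to be detected."""
    return analyse(extract_features(classify(records)))


if __name__ == "__main__":
    for finding in acquire_vulnerability_info():
        print(finding)
```

The findings keep the dimension they came from, so they can be mapped onto the software, hardware and network communication data vulnerability categories of step 110 without a second pass over the raw records.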
In some embodiments, the first attack strategy includes attack tactics, techniques and procedures (TTPs).
By way of example, the first attack strategy includes: the intent of the attack, the means or tools used for the attack, the target information assets of the attack, the time at which the attack takes place, the duration of the attack, the scope of the attack, and so on.
Calling the first attack strategy to automatically attack the system to be detected so as to simulate an intrusion attack environment includes: determining the target information assets of the system to be detected and the corresponding vulnerability information, where the information assets include hardware, software, network communication data and the like, and where each run may attack a single information asset on its own or several different information assets together;
and, according to the attack tactics and techniques and based on the vulnerability information, carrying out the attack procedure against the target information assets to simulate an intrusion attack environment.
In this embodiment, the first attack strategy can be stored on the host to be detected, or in the cloud or on a server. The client (the host to be detected) can run on the Windows platform, which offers a friendly interactive interface, while the server side can run on the Linux platform, which offers stability and reliability. The attack strategy library can use a SQL Server database, whose query and upgrade capabilities make it easy to iteratively update the library to meet new testing or detection requirements.
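The strategy library of step 120', the bounded simulation of step 130 (attack range, time and target fixed in advance) and the status determination of step 140 together, as an added example that is not the patent's own code: the library maps a vulnerability type to a strategy entry carrying the TTP labels and the intent and target-asset fields named above; a scope object refuses any target outside the agreed network range, asset list or time window; and the outcome of each run is reduced to a security status and a short report for step 150. The vulnerability information, library entries, scope and the two dry-run check functions are constructed for illustration; the "procedure" of each strategy is a local check of the recorded evidence, not an exploit.

```python
"""Step 120' (strategy matching), step 130 (scoped simulation) and
step 140 (status determination). All data below is constructed."""
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Strategy:
    """One attack strategy library entry: TTP labels plus the intent and
    target-asset fields. The procedure names a registered dry-run check."""
    vuln_type: str
    tactic: str
    technique: str
    procedure: str
    intent: str
    target_asset_kind: str  # hardware / software / network


@dataclass(frozen=True)
class Scope:
    """The attack range, time and target fixed before the simulation starts."""
    networks: tuple
    assets: frozenset
    start: datetime
    end: datetime

    def permits(self, finding, now):
        in_net = any(ip_address(finding["ip"]) in n for n in self.networks)
        return in_net and finding["asset"] in self.assets and self.start <= now < self.end


# Constructed vulnerability information, in the shape step 110 would produce.
VULNERABILITY_INFO = [
    {"asset": "web-01", "ip": "10.0.0.5", "kind": "network", "vuln_type": "cleartext-service",
     "evidence": {"port": 23}},
    {"asset": "db-01", "ip": "10.0.0.9", "kind": "software", "vuln_type": "weak-credential",
     "evidence": {"user": "root", "password": "123456"}},
    {"asset": "lab-42", "ip": "192.168.7.7", "kind": "software", "vuln_type": "weak-credential",
     "evidence": {"user": "svc", "password": "123456"}},
    {"asset": "sw-core", "ip": "10.0.0.1", "kind": "hardware", "vuln_type": "outdated-firmware",
     "evidence": {"version": "2.1.3"}},
]

# Constructed attack strategy library: vulnerability type -> strategy entry.
STRATEGY_LIBRARY = {
    "cleartext-service": Strategy("cleartext-service", "collection", "network-sniffing",
                                  "check_cleartext", "verify data in transit is readable", "network"),
    "weak-credential": Strategy("weak-credential", "credential-access", "password-guessing",
                                "check_credential", "verify guessable credentials exist", "software"),
}

# Constructed scope: one lab subnet, three approved assets, a working-hours window.
SCOPE = Scope(networks=(ip_network("10.0.0.0/24"),),
              assets=frozenset({"web-01", "db-01", "sw-core"}),
              start=datetime(2024, 1, 1, 9, 0), end=datetime(2024, 1, 1, 17, 0))


def check_cleartext(finding):
    """Dry-run stand-in for the procedure: confirms from recorded evidence only."""
    return "confirmed" if finding["evidence"].get("port") in (21, 23, 80) else "not-reproduced"


def check_credential(finding):
    """Dry-run stand-in: a short or all-digit password counts as guessable."""
    pw = finding["evidence"].get("password", "")
    return "confirmed" if len(pw) < 8 or pw.isdigit() else "not-reproduced"


PROCEDURES = {"check_cleartext": check_cleartext, "check_credential": check_credential}


def match_strategies(vulnerability_info, library=STRATEGY_LIBRARY):
    """Step 120': look each finding up in the library; unmatched ones are reported, not guessed."""
    matched, unmatched = [], []
    for finding in vulnerability_info:
        strategy = library.get(finding["vuln_type"])
        (unmatched.append(finding) if strategy is None else matched.append((finding, strategy)))
    return matched, unmatched


def simulate(matched, scope, now, procedures=PROCEDURES):
    """Step 130: run each matched strategy only inside the agreed scope."""
    results = []
    for finding, strategy in matched:
        entry = {"asset": finding["asset"], "vuln_type": finding["vuln_type"],
                 "tactic": strategy.tactic, "technique": strategy.technique}
        if not scope.permits(finding, now):
            entry["outcome"] = "skipped: outside attack scope"
        elif finding["kind"] != strategy.target_asset_kind:
            entry["outcome"] = "skipped: asset kind mismatch"
        else:
            entry["outcome"] = procedures[strategy.procedure](finding)
        results.append(entry)
    return results


def determine_status(results, unmatched):
    """Step 140: any confirmed finding makes the system insecure; gaps make it inconclusive."""
    confirmed = [r for r in results if r["outcome"] == "confirmed"]
    skipped = [r for r in results if r["outcome"].startswith("skipped")]
    status = "insecure" if confirmed else ("inconclusive" if skipped or unmatched else "secure")
    return {"status": status,
            "confirmed": [(r["asset"], r["vuln_type"]) for r in confirmed],
            "skipped": [(r["asset"], r["outcome"]) for r in skipped],
            "needs_strategy": [(f["asset"], f["vuln_type"]) for f in unmatched]}


def run_detection(vulnerability_info, scope, now):
    """Steps 120' to 140 end to end; the returned dict is the input to step 150."""
    matched, unmatched = match_strategies(vulnerability_info)
    return determine_status(simulate(matched, scope, now), unmatched)


if __name__ == "__main__":
    print(run_detection(VULNERABILITY_INFO, SCOPE, datetime(2024, 1, 1, 10, 0)))
```

A run outside the time window skips every target and yields "inconclusive" rather than "secure", and a vulnerability type with no library entry is listed under needs_strategy, which is the signal to extend the library as the last paragraphs of this embodiment describe.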
In some embodiments, the vulnerability information of the system to be detected can also be obtained in a targeted manner according to the type of business the system serves.
The system security detection method of this embodiment can be implemented as a web application backed by a database; for faster development, the popular Vue or React framework can also be used to build the detection software. The program code implementing the above method steps can be written as Python scripts that carry out the business logic of automatically simulating the intrusion attack environment, performing the attack and performing the detection, which makes the tool convenient for security analysts to operate and to analyze with.
From the above disclosure it can be seen that the system security detection solution provided by the embodiments of the present invention approaches the problem from the reverse direction: it attacks the system within a simulated threat intrusion environment in order to test its security, provides attack strategies matched to the characteristics of different business systems, and simulates an intrusion attack environment for security detection, which makes it easier to discover the system's security problems comprehensively and accurately.
Moreover, the whole detection process is extensible: by updating the attack strategy library and integrating more attack strategies so that more intrusion attack environments can be simulated realistically, both the efficiency of detection and the accuracy of its results can be improved.
实施例二Embodiment 2
图4为本发明系统安全检测装置一实施例架构示意框图;如图4所示,所述系统安全检测装置包括:FIG4 is a schematic block diagram of an embodiment of a system safety detection device of the present invention; as shown in FIG4 , the system safety detection device includes:
获取程序模块210,用于获取待检测系统的脆弱性信息;An acquisition program module 210 is used to acquire vulnerability information of a system to be detected;
生成程序模块220,用于根据所述脆弱性信息生成对应的第一攻击策略;A generating program module 220, configured to generate a corresponding first attack strategy according to the vulnerability information;
入侵模拟程序模块230,用于调用所述第一攻击策略自动对所述待检测系统实施攻击,以模拟入侵攻击环境;An intrusion simulation program module 230, used to call the first attack strategy to automatically attack the system to be detected, so as to simulate an intrusion attack environment;
确定程序模块240,用于根据得到的攻击结果确定所述待检测系统的安全状态。The determination program module 240 is used to determine the security status of the system to be detected according to the obtained attack result.
本实施例的装置可以用于执行图1所示方法实施例的技术方案,本实施例的装置,其实现原理和技术效果类似,此处不再多赘述,可相互参看。The device of this embodiment can be used to execute the technical solution of the method embodiment shown in Figure 1. The implementation principle and technical effects of the device of this embodiment are similar, which will not be described in detail here, and can be referenced by each other.
其中,所述脆弱性信息包括:软件漏洞、硬件漏洞及网络通信数据漏洞。The vulnerability information includes: software vulnerabilities, hardware vulnerabilities and network communication data vulnerabilities.
本实施例中,作为一可选实施例,提供的装置与前述实施例所述的装置类似,不同之处在于:所述生成程序模块220,具体用于根据所述脆弱性信息从攻击策略库中匹配查询,得到所述第一攻击策略;所述攻击策略库中至少存储有所述待检测系统的脆弱性信息与第一攻击策略之间的映射关系。In this embodiment, as an optional embodiment, the device provided is similar to the device described in the previous embodiment, except that: the generation program module 220 is specifically used to match the query from the attack strategy library according to the vulnerability information to obtain the first attack strategy; the attack strategy library at least stores the mapping relationship between the vulnerability information of the system to be detected and the first attack strategy.
参看图5所示,本实施例中,作为另一可选实施例,所述获取程序模块210,包括:采集程序单元211,用于采集所述待检测系统的软件、硬件及网络通信的数据信息;5 , in this embodiment, as another optional embodiment, the acquisition program module 210 includes: a collection program unit 211 for collecting data information of software, hardware and network communication of the system to be detected;
分类程序单元212,用于根据软件、硬件及网络通信维度对所述数据信息进行分类处理,得到目标分析数据信息;The classification program unit 212 is used to classify the data information according to the software, hardware and network communication dimensions to obtain target analysis data information;
提取程序单元213,用于提取所述目标分析数据信息中的漏洞检测特征;An extraction program unit 213 is used to extract vulnerability detection features in the target analysis data information;
分析程序单元214,用于对所述漏洞检测特征进行分析,得到对应的脆弱性信息。The analysis program unit 214 is used to analyze the vulnerability detection features to obtain corresponding vulnerability information.
所述漏洞检测特征包括:IP地址、域名、端口、URL、API入口路径、数据库链接入口、登录入口、文件上传入口,操作系统版本、中间件版本、数据库版本、网络设备版本、凭证信息和/或弱口令。The vulnerability detection features include: IP address, domain name, port, URL, API entry path, database link entry, login entry, file upload entry, operating system version, middleware version, database version, network device version, credential information and/or weak passwords.
作为又一可选实施例,所述第一攻击策略包括:攻击战术、技术及过程;As another optional embodiment, the first attack strategy includes: attack tactics, techniques and processes;
参看图6所示,所述入侵模拟程序模块230,包括:确定程序单元231,用于确定待检测系统的目标信息资产及对应的脆弱性信息;6 , the intrusion simulation program module 230 includes: a determination program unit 231 for determining target information assets and corresponding vulnerability information of the system to be detected;
攻击模拟程序单元232,用于根据所述攻击战术及技术,基于所述脆弱性信息,对所述目标信息资产实施攻击过程,以模拟入侵攻击环境。The attack simulation program unit 232 is used to implement an attack process on the target information asset according to the attack tactics and techniques and based on the vulnerability information to simulate an intrusion attack environment.
所述资产运行数据包括:进程行为数据、文件访问数据、系统操作数据及网络流量数据。The asset operation data includes: process behavior data, file access data, system operation data and network traffic data.
本发明实施例提供的系统安全检测装置,基于与实施例一相同的特定技术特征,可针对系统实施主动安全检测,便于较为全面准确的检测出系统的安全状况。The system security detection device provided in the embodiment of the present invention, based on the same specific technical features as the first embodiment, can implement active security detection on the system, so as to detect the security status of the system more comprehensively and accurately.
The embodiments of the system security detection device provided by the present invention are basically similar to the method embodiments, so they are described only briefly; for the relevant details, refer to the description of the method embodiments.
An embodiment of the present invention also provides an electronic device comprising one or more processors and a memory. The memory stores one or more executable programs; the one or more processors read the executable program code stored in the memory and run the program corresponding to that code, so as to execute any of the methods described in Embodiment 1.
FIG. 7 is a schematic structural diagram of an embodiment of the electronic device of the present invention, which can implement any of the methods described in Embodiment 1. As shown in FIG. 7, in an optional embodiment the electronic device may include a housing 41, a processor 42, a memory 43, a circuit board 44 and a power supply circuit 45. The circuit board 44 is arranged inside the space enclosed by the housing 41, and the processor 42 and the memory 43 are mounted on the circuit board 44. The power supply circuit 45 supplies power to the circuits and components of the electronic device; the memory 43 stores the executable program code; and the processor 42 runs the program corresponding to that code by reading it from the memory 43, so as to execute the system security detection method described in any of Embodiment 1.
The specific execution of the above steps by the processor 42, and the further steps the processor 42 performs by running the executable program code, are described in Embodiment 1 of the system security detection method of the present invention and are not repeated here.
The electronic device may take many forms, including but not limited to:
(1) Mobile communication devices: devices characterised by mobile communication functions whose main purpose is to provide voice and data communication. Such terminals include smartphones (for example the iPhone), multimedia phones, feature phones and low-end phones.
(2) Ultra-mobile personal computer devices: devices in the personal computer category that have computing and processing functions and generally also provide mobile Internet access. Such terminals include PDA, MID and UMPC devices, for example the iPad.
(3) Portable entertainment devices: devices that can display and play multimedia content, including audio and video players (for example the iPod), handheld game consoles, e-book readers, smart toys and portable in-car navigation devices.
(4) Servers: devices that provide computing services. A server consists of processors, hard disks, memory, a system bus and so on, and is similar in architecture to a general-purpose computer, but because it must provide highly reliable services it has stricter requirements for processing power, stability, reliability, security, scalability and manageability.
(5) Other electronic devices with data interaction functions.
An embodiment of the present invention further provides a computer-readable storage medium storing one or more programs, which can be executed by one or more processors to implement the system security detection method described in any of Embodiment 1.
In summary, the system security detection method and device disclosed in the embodiments of the present invention can perform active security detection on a system, making it easier to detect the system's security status comprehensively and accurately.
Furthermore, for systems of different business types, an intrusion attack environment can be simulated on the basis of the corresponding intrusion attack scheme, so that the security problems of each kind of system can be detected in a more targeted and accurate way.
In addition, labeling security events with ATT&CK tactic and technique IDs helps form a common industry language for describing threat alerts: security events are described uniformly by the technique and sub-technique IDs and names of the ATT&CK framework, which makes collaborative analysis easier.
Furthermore, from the perspective of reverse detection, the present invention proposes the technical concept of simulating attacks to perform system security detection, so that active defensive detection can be carried out on the system in advance. Unlike a real intrusion attack, a simulated intrusion attack has a clearly defined scope, target and time, and does not cause substantive damage to the system.
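As an added example (not code from the patent or its applicant), the following Python sketches the two points above: tagging the events produced by a simulated intrusion with ATT&CK technique and sub-technique IDs so that every finding carries the same uniform description, and refusing to act on anything outside the simulation's declared scope, target network and time window. The ATT&CK IDs, names and tactic IDs used are real framework entries; the event types, the mapping from event type to technique, the scope object and the sample events are assumptions constructed for this example.

```python
"""Added example (not code from the patent): label simulated-intrusion events
with ATT&CK technique / sub-technique IDs and enforce an explicit scope."""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime, timezone

# ATT&CK technique IDs look like T1234; sub-techniques like T1234.001.
ATTACK_ID_RE = re.compile(r"^T\d{4}(?:\.\d{3})?$")

# Hand-picked subset of the ATT&CK catalogue. IDs, names and tactics are real
# ATT&CK entries; the choice of subset is this example's assumption.
ATTACK_CATALOG = {
    "T1046": ("Network Service Discovery", "TA0007", "Discovery"),
    "T1595.002": ("Vulnerability Scanning", "TA0043", "Reconnaissance"),
    "T1190": ("Exploit Public-Facing Application", "TA0001", "Initial Access"),
    "T1110.001": ("Password Guessing", "TA0006", "Credential Access"),
    "T1059.001": ("PowerShell", "TA0002", "Execution"),
}

# Assumed mapping from the simulator's own event types to techniques; a real
# deployment would derive this from its intrusion attack schemes.
EVENT_TO_TECHNIQUE = {
    "port_scan": "T1046",
    "vuln_scan": "T1595.002",
    "sqli_probe": "T1190",
    "login_bruteforce": "T1110.001",
    "powershell_exec": "T1059.001",
}


def validate_attack_id(tech_id: str) -> bool:
    """True if tech_id is well-formed and present in the local catalogue."""
    return bool(ATTACK_ID_RE.match(tech_id)) and tech_id in ATTACK_CATALOG


@dataclass(frozen=True)
class SimulationScope:
    """Explicit boundary of one simulated attack: business type, targets, window."""
    business_type: str
    allowed_networks: tuple
    start: datetime
    end: datetime

    def permits(self, target_ip: str, when: datetime) -> bool:
        ip = ipaddress.ip_address(target_ip)
        in_target = any(ip in ipaddress.ip_network(n) for n in self.allowed_networks)
        return in_target and self.start <= when <= self.end


@dataclass(frozen=True)
class SecurityEvent:
    event_type: str
    target_ip: str
    timestamp: datetime
    detail: str


def tag_event(event: SecurityEvent) -> dict:
    """Attach the uniform ATT&CK description (IDs and names) to one event."""
    tech_id = EVENT_TO_TECHNIQUE.get(event.event_type)
    if tech_id is None or not validate_attack_id(tech_id):
        raise ValueError(f"no ATT&CK mapping for event type {event.event_type!r}")
    name, tactic_id, tactic = ATTACK_CATALOG[tech_id]
    return {
        "technique_id": tech_id,
        "technique_name": name,
        "parent_technique": tech_id.split(".")[0],  # sub-technique -> technique
        "tactic_id": tactic_id,
        "tactic": tactic,
        "target_ip": event.target_ip,
        "label": f"{tech_id} {name} [{tactic_id} {tactic}]",
        "detail": event.detail,
    }


def run_simulation(events, scope: SimulationScope):
    """Tag in-scope events; refuse (never act on) anything outside the scope."""
    tagged, refused = [], []
    for ev in events:
        if scope.permits(ev.target_ip, ev.timestamp):
            tagged.append(tag_event(ev))
        else:
            refused.append(ev)
    return tagged, refused


def summarize_by_tactic(tagged) -> dict:
    """Count tagged events per ATT&CK tactic: the view shared between analysts."""
    counts: dict = {}
    for t in tagged:
        counts[t["tactic"]] = counts.get(t["tactic"], 0) + 1
    return counts


def _utc(*args) -> datetime:
    return datetime(*args, tzinfo=timezone.utc)


# Constructed sample data: a web-portal test window of 22:00 to 02:00 UTC.
SCOPE = SimulationScope("web-portal", ("10.20.0.0/24",), _utc(2024, 3, 1, 22, 0), _utc(2024, 3, 2, 2, 0))
SAMPLE_EVENTS = [
    SecurityEvent("port_scan", "10.20.0.15", _utc(2024, 3, 1, 22, 5), "TCP connect scan, 1000 ports"),
    SecurityEvent("sqli_probe", "10.20.0.15", _utc(2024, 3, 1, 22, 30), "' OR 1=1-- sent to /login"),
    SecurityEvent("login_bruteforce", "10.20.0.15", _utc(2024, 3, 1, 23, 0), "50 failed logins for admin"),
    SecurityEvent("powershell_exec", "10.20.1.7", _utc(2024, 3, 1, 23, 10), "host outside the target network"),
    SecurityEvent("vuln_scan", "10.20.0.15", _utc(2024, 3, 2, 3, 0), "window already closed"),
]

if __name__ == "__main__":
    tagged, refused = run_simulation(SAMPLE_EVENTS, SCOPE)
    for t in tagged:
        print(t["label"], t["target_ip"], t["detail"])
    print("refused:", [(e.event_type, e.target_ip) for e in refused])
    print(summarize_by_tactic(tagged))
```

The scope check is deliberately applied before any tagging or action, so an event aimed at a host outside the declared network, or arriving after the window closes, is recorded as refused rather than processed; the tactic summary is what two teams can compare without agreeing on each other's internal event names.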
Furthermore, because the system's vulnerabilities and security problems can be found in advance, the losses caused by attacks after the system goes live or is released can be reduced.
It should be noted that relational terms such as "first" and "second" are used herein only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between them. Moreover, the terms "include", "comprise" and any variants thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or device. In the absence of further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article or device that includes it.
The embodiments in this specification are described in a related manner; the same or similar parts of the embodiments may be referred to each other, and each embodiment focuses on its differences from the others.
For convenience of description, the device above is described by dividing its functions into various units/modules. When implementing the present invention, the functions of the units/modules may of course be implemented in one or more pieces of software and/or hardware.
Those skilled in the art will understand that all or part of the processes of the above method embodiments can be carried out by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, can include the processes of the above method embodiments. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), a random access memory (RAM) or the like.
The above are only specific embodiments of the present invention, and the scope of protection of the present invention is not limited to them. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within its scope of protection. Therefore, the scope of protection of the present invention shall be determined by the claims.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111534710.9A (granted as CN114329448B) | 2021-12-15 | 2021-12-15 | System security detection method and device, electronic equipment and storage medium |

| Publication Number | Publication Date |
|---|---|
| CN114329448A (application) | 2022-04-12 |
| CN114329448B (grant) | 2024-11-01 |